Month: February 2009

Fix It For Me Blog

Not every administrator or home user is an IT guru.  Sometimes they encounter a problem, find an associated MS KB article, get all happy and are suddenly deflated when they see masses of command prompt lines and registry edits that fly over their heads.  Some enterprising people in MS are trying to help out.  I just saw this link on Bink’s site.  The folks at the Fix It For Me Blog will endeavour to  give you scripted solutions to posted KP articles.  There’s always a chance that their variables in the equation that will limit them or require some customisation but it’s a very brave effort.

System Center Virtual Machine MP for OpsMgr 2007

Microsoft has updated the Operations Manager 2008 management pack for Virtual Machine Manager 2008. 

“This management pack is tightly integrated with VMM 2008 to implement the following features:

  • Comprehensive health monitoring of virtual machines
  • Performance and Resource Optimization (PRO) in VMM
  • VMM reports
  • Diagram views available from the VMM Administrator Console
  • Note: The Microsoft.SystemCenter.VirtualMachineManager.Pro.2008.Public class in the System Center Virtual Machine Manager 2008 PRO Library management pack has been redefined as an abstract class.”

If you’re new to Hyper-V and VMM, VMM 2008 is to Hyper-V what Virtual Center is to ESX.  Both are additional purchases – a common moan from VMware-philes is that VMM costs money.  Obviously they didn’t get involved with pricing their own VMware infrastructures.  Where VMM really wins is the amount of management.  VMM can handle everything, including many ESX or Virtual Center servers!  It integrates tightly with OpsMgr.  Now you’re virtualisation layer is just a part of your overall infrastructure giving you top-bottom, cradle to grave management through one interface.  The management pack monitors OpsMgr.  Additional Pro Tips packs from h/w vendors enable h/w to be considered when monitoring the performance and health of your virtualisation layer.  According to Mike Briggs (an excellent MS engineer who’s helped me recently), the last of the above changes will further increase the possibility of partner integration.

Using the Microsoft iSCSI Software Target with Hyper-V

Jose Barreto, MS storage whiz, has written a pretty complete looking article on getting Hyper-V up and running with iSCSI.  If you’ve seen a Hyper-V cluster demonstration in Ireland then there’s a very good change that it was this sort of technology that you saw.  MS Ireland IT Pro, Dave Northey, uses iSCSI and he’s normally the guy talking about this stuff in Ireland.  Dave put up a video on his blog on how to get this stuff up and running.

Linux Doesn’t Have Anything Like VSS

Richard Jones at Data Center Strategies has brought up an interesting point.  Linux does not have anything like the Volume Shadow Copy service that made it’s first appearance in Windows Server 2003 and has since appeared in WXP and everything since.  VSS is a simple (the code probably is far from it) but powerful idea.  It allows a file to be backed up while maintaining the integrity of the contents.  This can then be used in a few ways.  You can take regular backups and use a certain percentage of the volume for storing those backups, e.g. 10% of available space.  Or your backup tool can use VSS as an open file agent to backup files to another media store, e.g. a dedicated backup disk drive or tape drive.

I started using VSS the week I first deployed W2003 back in the Summer of 2003.  We enabled VSS on our file servers and never looked back.  We allowed the file servers to use 10% of available disk space to keep as many backups as it could.  We ran VSS twice a day, midday and in the evening.  We also had file servers replicating (live) to DR site replicas and we backed up using Commvault every night (to disk and then to tape which was sent offsite).  I think you could say we were protected 🙂

Why were we using VSS?  I’m a believer in trying to do things quickly.  Part of that is empowering users.  For example, when procedures for file shares (who owns them, who has what permissions, etc, all on paper!) started slowing down responsiveness I started looking at SharePoint – we didn’t enable site creation delegation but we did allow admin delegation for the site owners.  VSS gave us something similar.  If a user wanted to recover a file, they simply used the Shadow Copy Client (for WXK and W2K, built into later OS’s).  It integrates into Windows Explorer and backups are only a right-click away in the file share.  Users could access any of the stored snapshots in Windows Explorer and using familiar windows, navigate to what they wanted from a time they wanted and copy it back to the file share.  When a user didn’t know how to do it (not everyone is IT savvy and can be trained) then our helpdesk did it for them.  The old experience of waiting hours for a backup to be catalogued and retrieved was gone. 

Replication to DR helped in case we lost the site.  We backed up to disk to speed up the backup process at night.  We then streamed to tape to keep data for longer periods.  Using 10% of available disk gave us anywhere from 1 week to 1 month of history depending on activity on the file servers.

MS extended VSS beyond just file servers.  There are special helpers called VSS writers to assist with files that have complications.  There are VSS writers for SQL, Exchange and Hyper-V.  VSS backs up as much as the file as possible.  There’s always just a little bit left over where changes where happening as the backup takes place.  There’s an incremental process to capture these.  The VSS writers allow a very quick stoppage of the service using the files so that the final bits of the backup can take place.  The outage is so quick that no body notices.  The integrity of the files is maintained with Microsoft’s support.  Tools such as Data Protection Manager 2007 SP1, Iron Mountain LiveVault and Connected and Virtual Machine Manager 2008 VMM (for P2V) use this methodology.

The blog post points out that this is something missing from Linux.  I’d have to agree.  I actually find it surprising that they haven’t come up with something similar.  VSS is a very powerful and under-marketed engine.

Protect Documents No Matter Where They Are: AD Rights Management Services

There’s different types of encryption.  The one you might know best is transmission encryption.  A message is encrypted only while it is in transit over the wire between a source and destination.  It is unprotected at either end.  Then there is folder or file encryption.  While a document is on the disk or in the folder it is secure.  If the document leaves the folder, e.g. on USB stick or by email, it is not secure.  Disk encryption (Windows Vista/7 BitLocker, SafeBoot, etc) or device (e.g. Windows 7 BitLocker to Go) encryption protect everything on a disk.  You can put that disk in another machine and have no access to the data without authentication.  But this doesn’t protect your data if it leaves that disk.

I just read a blog post where a company lost control of business data and it was put in a pretty compromised position.  A document with valuable information left secure control and was available to "the wild".  What can you do to protect documents in case they leave the safety of your encrypted network, folders or disks?  What if your documents are out "in the wild"?  Can you stop anyone from reading them?

Someone might suggest using passwords on those documents.  You’ve probably seen something similar to "protect" Excel spreadsheets, etc.  That won’t help.  Such a password is easily cracked using 3rd party tools that you can buy on the net.

What will help is Rights Management Services (RMS).  It first turned up as a free download for Windows Server 2003 (but requiring RMS CAL licensing) and Windows Server 2008 Active Directory Rights Management Services.  Using x.509 certs, you can protect your documents no matter where they are.  If someone copies documents and brings them home they have no access to them.  If someone takes them to a competitor when they leave the company they have no access to them.  If someone sends them to a press reporter they have no access to them.  According to MS, "Users can define who can open, modify, print, forward, or take other actions with the information". 

The cool thing about this solution is that it is AD integrated and ties directly into Office to make it very user friendly.  You can define policies for controlling documents, set up Internet connectivity for non-connected users, set up MOSS 2007 integration and set up AD Federated Services for partner companies.

There’s a step-by-step guide here.  Check the sub-pages in the navigation pane on the left for the content.

Event 25/02/2009: Branch Office Infrastructure Solutions

The Irish Windows User Group is hosting another event in February, featuring me.

I will be talking about Branch Office Infrastructure Solutions. Businesses today face many economic challenges. The desire to compete is being challenged by the difficulties of using IT infrastructure to connect workers in different locations, whether they be in different counties, countries or even just working from home.

This presentation will look at the problems, identify the real causes of the difficulties and offer solutions from Microsoft’s current catalogue of products. We will also look into the near future to see what is coming in Windows 7 Enterprise Edition and Windows Server 2008 R2 to help with inter-office working.

Ronald Dockery (Windows Client Business Group Lead at Microsoft Ireland) will follow up this presentation by diving a bit deeper in the technologies that Windows 7 Enterprise Edition will bring to the table in just a few months to further enable Branch Office Infrastructure Solutions.

Where and When?

The event will take place at 7PM, Wednesday February 25th at the Radisson SAS Royal Hotel in Dublin 8.

Registration
Admission will be free to members of the Windows Server 2008 User Group.  If you are already a member then you will receive an invitation via email.  If you are not a member then please sign-up for free by e-mailing the group

Thanks to …

Microsoft Ireland for sponsoring the event.

Microsoft Community Tech Days

Microsoft is working with the IT Pro Community around the country to redeliver the best bits of the Tech Ed conference, which took place in Barcelona last November. As well as local MVPs (Microsoft Valued Professionals) delivering content on the days, local Microsoft technical speakers will contribute. We are also lining up a number of high-profile international speakers, details of which will be released in the coming weeks.

A multi-topic format ensures there’ll be something for everyone and we will also host ‘Microsoft @ Home’ sessions in the evening which will look at Home Networking and Digital Photography. The agenda is set to include the following:

  • Virtualisation and Virtualisation management tools
  • Windows Client – including Vista deployment and First look @ Windows 7
  • Security
  • SQL – BI and the Accidental DBA
  • Small Business Server
  • Unified Communications & Collaboration
  • First look @ new products coming from Microsoft

Who Should Attend?

All IT Professionals: Infrastructure Specialist, DBA, App or LOB Specialist, IT Manager, Network Specialist, Desktop and End User Support.

Where and When?

Galway (10th March) – register your interest
Cork (12th March) – register your interest
Belfast (24th March) – register your interest
Dublin (26th March) – register your interest